First the WannaCry attacks rocked the world, locking up thousands of computers across the globe. Then on Tuesday the 27th of June the so-called “NotPetya” virus exploited the same vulnerabilities as the WannaCry attack and crippled infrastructure across Ukraine before sweeping across the rest of the globe to lock up essential computer systems. The marked up-tick in large, organized cyber-attacks could imply that we are looking at the beginning of a new kind of warfare: Cyber Warfare.
The attacks look criminal but they are geared more to destruction than profit
At first glance both the WannaCry and NotPetya attacks look like they are purely criminal enterprises. Both are ransomware; both lock up the target computer and demand money in order to free your data. It seems pretty cut and dried. Experts, however, are beginning to think that these attacks have deeper motivations than quick profits.
In particular, a consensus is beginning to form around the idea that NotPetya was designed specifically to cause as much chaos as possible, rather than to extort companies for money. The attack itself was incredibly sophisticated but the payment collection side of things was incredibly bare-bones, almost as if it was an afterthought. This has led experts to believe that the attacks were designed simply to cause as much chaos as possible while using the cover of ransomware to make it look like an opportunistic attack by inexperienced criminals.
While there is no evidence yet, the same could arguably be said of the WannaCry virus. The virus made very little money but spread rapidly, and was only stopped because of a poorly designed killswitch triggered by a security engineer. The virus caused a lot of damage and may well have been a probing attack to see how effective the EternalBlue exploit and DoublePulsar backdoor were.
The overall trend has been more cyber attacks and more politically motivated attacks
There have been some major attacks recently, and the overall trend has been towards an increased number of cyber-attacks, with a huge up-tick in the number of attacks that could be politically motivated.
A number of recent email leaks, hacks or cyber attacks have had obvious political motivations. In the United States, the DNC email debacle arguably led to the downfall of Hillary Clinton in a closely fought election. The recent blockade of Qatar by the Arab Union can be traced back to a fake news story allegedly planted by Russian hackers in an attempt to destabilize the region and drive Qatar into Iran’s arms. North Korea has also been linked to a series of online bank robberies, presumably in an attempt to circumvent the sanctions against the regime and get money into the country.
This represents a major shift in the genealogy of the Cyber Criminal. While we haven’t yet (knowingly) reached the point where you have state-run Cyber Warfare, we are definitely witnessing the beginning of state-backed Cyber Warfare. Or, to put it in Putin’s own words, “hackers get up in the morning and read the news about what’s happening in international affairs. If they feel patriotic, they try to make what they see as a fair contribution to the struggle against those who speak ill of Russia. Is that possible? Yes, theoretically possible.” There is no evidence that the Russian government bank-rolls these individuals, but those words certainly imply support.
War isn’t about men with guns battling it out, at least not really
The term Cyber Warfare seems almost wrong. After all, when we think of warfare we think of guns, bombs, tanks and infantry. The thing is that war isn’t about those tanks and men and weapons, at least not really. At the end of the day warfare comes down to cold numbers. Can you supply your troops with ammunition, wages and food? Can you get your equipment from this area to that area? Can you afford to rebuild and repair damaged vehicles and kit?
If you look beyond the battles and the triumphs and defeats, the aim of war has been the same throughout history: cripple your opponent’s economy and infrastructure and their army will collapse without you firing a shot. The Spartans burned Athenian farms in order to starve them into a fight. Medieval towns were cut off from supplies to avoid a costly attack on the walls. In the First World War the German military was perfectly capable of continuing to fight, but the German economy and civilian population were not. So Germany capitulated, resulting in the Treaty of Versailles. The concept of crippling your opponent’s economy has informed many modern insurgency movements. Destroying the morale of the civilian population and damaging the local infrastructure is what guerrilla warfare and terrorism are based on. Cyber Warfare comes from a similar ideology.
America and its NATO allies have been attempting to cripple Vladimir Putin’s administration using sanctions and it has been somewhat successful. The Russian economy suffered as a result and Putin has had to increasingly look to domestic policy in order to shore up his support. Unfortunately for NATO, the sanctions have been unsuccessful at curtailing Russian military development and are increasingly unpopular among European nations. It seems that Russia may now be developing its own methods to fight back.
Russia and others have begun to realize the potential of Cyber Warfare
Russia has long been using economic warfare against its old satellite states, leveraging its control over the gas supply in order to keep them in line. Now it is becoming increasingly clear that Russia can sow chaos among its Western neighbors simply by tacitly encouraging “patriots” to target foreign governments.
Email leaks and hacks have caused international incidents and thrown doubts upon the democratic process in the United States and potentially other countries. However, the threat posed by WannaCry and NotPetya is arguably more dire. If WannaCry was indeed a probe of the world’s cyber defenses, then NotPetya is a test of the first cyber bomb.
Both NotPetya and WannaCry exploited the same loophole. It was released into the wild when the NSA lost a series of exploits that they had been hoarding in order to use themselves. The WannaCry attack demonstrated just how weak our defenses were. Relatively simple phishing techniques allowed the virus to spread unchecked, in part due to the large number of Windows machines running out-of-date software.
NotPetya has spread far more slowly and most experts do not believe it will infect many more computers than it has already hit on Tuesday. That said, the virus devastated Ukrainian infrastructure quite effectively. This lends credence to the theory that it was designed specifically as a targeted attack designed to masquerade as ransomware to lend deniability to the attackers. If these theories are correct, then Russia or others could plausibly begin to target the infrastructure of more nations, in order to weaken their economy. In other words, Cyber Warfare.
As compelling as the theory is, it’s still just a theory
While the arguments that NotPetya was a state-backed cyber attack are compelling, the evidence isn’t quite there yet and, honestly, we probably won’t find it. Most governments are certain that terrorist groups like Daesh and Al Qaeda have foreign state backers, but it is nearly impossible to prove the links. The same will likely be true of these cyber attacks.
The fact is that the attacks did primarily affect Ukraine and they were clearly designed to cause damage, rather than reap material gain. On top of this Russia’s indifference to Citizen Hackers gives a lot of weight to the argument that these attacks are Russian backed. Yet, it can’t be proven.
Even if we assume that these attacks were not state backed, they have proven that cyber attacks can cause widespread damage. This will almost certainly lead to states beginning to adopt these tactics in order to further their own agenda.
Cyber Warfare is effective and we don’t have a counter
Insurgencies have had great success in defeating well armed modern militaries in recent history. Terrorism has proven almost impossible to stop. Cyber Warfare will prove to be another of these tactics that is nearly impossible for our governments to effectively counter.
It exploits weaknesses not just in software but also in people’s behavior. One of the reasons that ransomware is so effective is that it exploits people’s natural tendencies. Even the most computer savvy of us have almost been caught out by a dodgy email; imagine how easily someone who is IT illiterate could click on a suspect email. All it takes for an attack to succeed is an IT manager to neglect an update or an office worker to click something they shouldn’t, and your system is infected, which could lead to more systems being infected.
This is a nightmare for security specialists, as they can make as many recommendations and guidelines as they want, but if Bob from accounting doesn’t read them then the malware will still get on the network. Cyber Warfare will be incredibly difficult to counter.
Because of how easy it is to develop and spread, it is likely we are going to see more of these attacks over the coming weeks, months and years, and I don’t think we will have an effective counter any time soon. You can protect yourself by making sure that you don’t click suspect emails and ensuring that you keep your software as up to date as possible, but that won’t stop your bank, office or company from being attacked.